Now one question arises, why to create separate action for this? We can put direct if else in same login action. If we do this then GetRolesForUser or User.IsInRole will not work. FormsAuthentication requires one redirection to set cookies…etc. That’s why we redirects to another action and redirect again to action as per user role.

For testing, Create two new empty controllers say Admin and Dealer and create views of default actions.Admin View:

Note: In ASP.NET MVC 4, default template login is based on ajax. So for testing, open <base url>/Account/login. Similarly, you can update JsonLogin action.

Authorization:

Step 10: You can use Authorize attribute to restrict access by callers to an action method. You can put Authorize attribute on any action or whole controller. Suppose you want to give Admin controller access to admin role only then use [Authorize(Roles=”Administrator”)] No other user can access this controller actions.

You can assign multiple roles also. suppose you want to give Dealer controller access to dealer and administrators. then

Thank You SO much. It helped me a lot. I couldn’t get to redirect after login because i was redirecting right after login and not after one redirection. But i still have one problem and that is: I can’t get the UserId. I am using User.Identity.GetUserId(), but it is always null. Can somebody help me?

Brij, i have implemented your solution which is correct, thank you for the sharing, but i have a problem with my project.I have implemented customauthorization for many logins forms and in each login page, after submission, i have implemented your solution with authorize attribute for many roles that i have for each login page.The first time, all was correct and i can be able to be redirected to needed page and also logout.After some time, i have debug the project and try to be able to logout, but can not because request.isauthenticated always return false, i don’t know why and can not be able to have another solution. I am thinking that maybe this cookie is always in the browser and i can not be able to set another cookie but i am not sure.any help would be appreciated

Why when we remove the roles authorize does not work automatically, because I need to log out and then a login for work? The problem is that the roles are stored in the cookie. I have to find some solution to update the cookie. When do I remove a roles directly in the database the cookie is outdated. I think I have update the cookie to each User request. The example I’m using is on github https://github.com/aspnet/Musi…

Hi, How to implement dynamic authorization. I have a dropdown which contians different types of roles and i have a checkboxlist which contains all the controllers , so that i can select few controllers and assign to the selected role to access.

I wants to use Customized Action Filters which authenticate users when there going to secure pages of the website using AuthorizeCore() or OnAuthorization() which one has to use and how can i use this tel me pls !!!!!

Hi Brij, i have a question about custom Role in asp.net mvc 3. How to implement AddUsersToRoles methods in RoleProvider class with your database schema above? As far as i know, linq to sql can’t support many-to-many relationship. So, How to insert new record in UserInRoles tables? Thanks